Dr. Web antivirus has discovered a group of Android malware, phishing, and adware apps that infiltrated the Google Play store. These malicious apps have deceived over two million users into installing them.
Disguised as useful utilities and system optimizers, the apps actually cause performance issues, display unwanted ads, and negatively impact the user experience.
One particularly alarming app, TubeBox, has already reached one million downloads and is still available on Google Play. Promising monetary rewards for watching videos and ads, the app fails to deliver, presenting errors when users attempt to redeem rewards. Even those who complete the withdrawal process never receive the promised funds. Researchers believe this is a ploy to keep users engaged in the app, watching ads, and generating revenue for the developers.
Additional adware apps, which appeared on Google Play in October 2022 but have since been removed, include Bluetooth device auto connect, Bluetooth & Wi-Fi & USB driver, Volume, Music Equalizer, and Fast Cleaner & Cooling Master. These apps receive commands via Firebase Cloud Messaging and load specific websites to generate fraudulent ad impressions on infected devices.
In the case of Fast Cleaner & Cooling Master, which had a relatively low download volume, remote operators were able to configure an infected device to act as a proxy server, allowing threat actors to route their own traffic through the compromised device.
Furthermore, Dr. Web discovered a series of loan scam apps claiming affiliation with Russian banks and investment groups. These apps, with an average of 10,000 downloads on Google Play, were promoted through malvertisements in other apps, luring users with promises of guaranteed investment profits. In reality, these apps redirect users to phishing sites that collect personal information.
To protect yourself against fraudulent apps on the Google Play store, check for negative reviews, carefully review privacy policies, and evaluate the authenticity of the developer’s site.
As a general precaution, it is advisable to minimize the number of installed apps on your device and regularly verify that Google’s Play Protect feature is activated.
Update 12/6/22: BleepingComputer has confirmed that a Google spokesperson announced the removal of all the mentioned apps from Google Play.